use rpki::data_model::oid::OID_CP_IPADDR_ASNUMBER;
use rpki::data_model::rc::{ResourceCertKind, ResourceCertificate, SubjectInfoAccess};

#[test]
fn resource_certificate_from_der_parses_ca_fixtures() {
    let fixtures = [
        "tests/fixtures/repository/rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer",
        "tests/fixtures/repository/ca.rg.net/rpki/RGnet-OU/R-lVU1XGsAeqzV1Fv0HjOD6ZFkE.cer",
        "tests/fixtures/repository/ca.rg.net/rpki/RGnet-OU/ZW5EIqvxKWSSAOsBmoFfKxIjbpI.cer",
    ];

    for path in fixtures {
        let der = std::fs::read(path).expect("read CA cert fixture");
        let rc = ResourceCertificate::from_der(&der).expect("parse CA cert fixture");

        assert_eq!(
            rc.kind,
            ResourceCertKind::Ca,
            "fixture should be CA: {path}"
        );
        assert_eq!(rc.tbs.version, 2, "X.509 v3 encoded as 2: {path}");

        assert_eq!(
            rc.tbs.extensions.certificate_policies_oid.as_deref(),
            Some(OID_CP_IPADDR_ASNUMBER),
            "CA certificatePolicies OID: {path}"
        );

        assert!(
            matches!(
                rc.tbs.extensions.subject_info_access,
                Some(SubjectInfoAccess::Ca(_))
            ),
            "CA SIA should not contain signedObject accessMethod: {path}"
        );

        assert!(
            rc.tbs.extensions.ip_resources.is_some(),
            "CA should have IP resources: {path}"
        );
    }
}

#[test]
fn resource_certificate_from_der_parses_as_resources_in_apnic_fixture() {
    let path = "tests/fixtures/repository/rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer";
    let der = std::fs::read(path).expect("read APNIC CA cert fixture");
    let rc = ResourceCertificate::from_der(&der).expect("parse APNIC CA cert fixture");

    assert!(
        rc.tbs.extensions.as_resources.is_some(),
        "fixture should carry AS resources"
    );
}